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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 
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- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)D Responsive to communication(s) filed on . 

2a)D This action is FINAL. 2b)S This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 
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5) D Claim(s) is/are allowed. 

6) H Claimfs) 1-21 is/are rejected. 
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Application Papers 
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Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2.D Certified copies of the priority documents have been received in Application No. . 



3.D Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
See the attached detailed Office action for a list of the certified copies not received. 



Attachment(s) 

1) Notice of References Cited (PTO-892) 4) □ Interview Summary (PTO-413) 

2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948) Paper No(s)/Mail Date. . 

3) |3 Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08) 5 ) □ Notice of Informal Patent Application (PTO-1 52) 

Paper No(s)/Mail Date 5 and 6 . 6) □ Other: . 



U.S. Patent and Trademark Office 
PTOL-326 (Rev. 1-04) 



Office Action Summary 



Part of Paper No./Mail Date 9 





Application/Control Number: 09/598,814 
Art Unit: 2132 



Page 2 



DETAILED ACTION 



Claims 1-21 have been examined. 



Claim Rejections - 35 USC §112 



2. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

3. Claim 1 is rejected under 35 U.S.C. 112, second paragraph, as being indefinite 
for failing to particularly point out and distinctly claim the subject matter which applicant 
regards as the invention. 

4. Claim 1 recites the limitation "the level of trust". There is insufficient antecedent 
basis for this limitation in the claim. 



5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

6. This application currently names joint inventors. In considering patentability of 
the claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of 
the various claims was commonly owned at the time any inventions covered therein 



Claim Rejections - 35 USC § 103 



were made absent any evidence to the contrary. Applicant is advised of the obligation 
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under 37 CFR 1 .56 to point out the inventor and invention dates of each claim that was 
not commonly owned at the time a later invention was made in order for the examiner to 
consider the applicability of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g) 
prior art under 35 U.S.C. 103(a). 

7. Claims 1-17 and 19-21 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Blaze et al. "Decentralized Trust Management" (hereinafter Blaze) in 
view of Gong U.S. Patent No. 6,044,467 (hereinafter Gong). As per claim 1 , Blaze 
discloses a method of associating a permission set with an action based on evidence 
characterized by different levels of trust (see Blaze, page 2, section 1.1, 'PGP system'; 
page 3, 3 rd paragraph; page 3, 3 rd paragraph, steps 1-7), the method comprising: 

a. receiving at least a first condition and a first element of evidence, wherein 
the first condition is associated with the permission set and the level of trust 
associated with the first element of evidence is independent of other evidence 
and conditions, and determining whether the first condition is satisfied by the first 
element of evidence (see Blaze, page 3, 3 rd paragraph, 3 rd step; page 2, section 
1.1 , 'PGP' system', A's verifiable digital signature on B's key is the condition, and 
A's public/private key pair is evidence); 

b. receiving at least a second condition and a second element of evidence, 
wherein the second condition is associated with the permission set and the level 
of trust associated with the second element is dependent upon the first condition, 
and determining whether the second condition is satisfied by the second element 
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of evidence (see Blaze, page 3, 3 rd paragraph, 3 rd step; page 2, section 1 .1, 
'PGP system', A to verify trustworthiness of B's key is condition, and digital 
signature of A is evidence); 

c. associating the permission set with the code assembly, if both the first 
condition and the second condition are satisfied (see Blaze, page 3, 3 rd 
paragraph, steps 4-6). 

8. Blaze does not expressly disclose associating a permission set with a code 
assembly. Gong discloses a means for secure class resolution, loading and definition; 
in particular, the classes loaded by a class loader are associated with a permission set 
(see Gong, Abstract; Figure 3). It would be obvious to one of ordinary skill in the art at 
the time the invention was made to apply the teaching of Gong to the method of Blaze. 
Motivation for such an implementation would enable security measures to restrict 
execution of code assemblies based on permission set and code membership as taught 
by Gong (see Gong, col. 1, line 30-col. 2, line 65). The aforementioned covers claim 1 . 

9. As per claims 2-5, Blaze covers a method as outlined above in the claim 1 
rejection under 35 U.S.C. 103(a). In addition, the operation of receiving at least a first 
and second condition comprises: 

a. receiving the first condition and the first element, and the second condition 
and the second element respectively, within a membership criterion (see Blaze, 
page 3, 3 rd paragraph, steps 1 and 3 as modified by Gong, Figure 3, Reference 
No. 310); and 
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b. reading the first element and second element of evidence based on 
references in the membership criterion (see Blaze, page 2, section 1 .1 , 'A acts as 
an introducer of B to C as modified by Gong, Figure 3, Reference Nos. 310 and 
316). 

The aforementioned cover claims 2-5. 

10. As per claim 6, Blaze covers a method as outlined above in the claim 1 rejection 
under 35 U.S.C. 103(a). In addition, the first condition applies the first element of 
evidence as implicitly trusted evidence used to validate the second element of evidence 
applied in the second condition (see Blaze, page 2, section 1.1, A's PublicKey, 
SecretKey pair). 

11. As per claim 7, Blaze covers a method as outlined above in the claim 1 rejection 
under 35 U.S.C. 103(a). In addition, the second condition applies the second element 
of evidence as initially untrusted evidence (see Blaze, page 2, section 1 .1 , A signs B's 
keys). 

12. As per claim 8, Blaze covers a method as outlined above in the claim 1 rejection 
under 35 U.S.C. 103(a). In addition, the method further comprises 

a. generating a collection of code groups, each code group being associated 
with a membership criterion and a permission set, wherein the first condition and 
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the second condition are received in the membership criterion associated with 
one of the code groups (see Gong, col .11, line 57-col. 12, line 12; Figure 3); and 
b. determining whether the code assembly is a member of the code group, 
based on the membership criterion (see Blaze, page 2, section 1.1, 'PGP system' 
as modified by Gong, Figure 2B). 
The aforementioned covers claim 8. 

1 3. As per claim 9, Blaze covers a method as outlined above in the claim 8 rejection 
under 35 U.S.C. 103(a). In addition, the associating operation associates the 
permission set of the code group with the code assembly, if the code assembly is 
determined to be a member of the code group (see Blaze, page 3, 3 rd paragraph, steps 
1-4; see Gong, Figure 3). 

14. As per claim 10, Blaze covers a method as outlined above in the claim 1 rejection 
under 35 U.S.C. 1 03(a). In addition, the concept of A acting as an introducer of B to C 
in the PGP system is recursive: B further acts as an introducer of C to a D if the trusted 
path deems a greater degree of separation from trusted certifier to certificate of public 
key in question (see Blaze, page 2, section 1.1, 'PGP system' and 'introducer'; page 3, 
3 rd paragraph, step 3). 

1 5. As per claims 11-16, they are apparatus claims corresponding to claims 1 -1 0 and 
they do not teach or define above the information claimed in claims 1-10. Therefore, 
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claims 11-16 are rejected as being unpatentable over Blaze in view of Gong for the 
same reasons set forth in the rejections of claims 1-10. 

16. As per claim 17, Blaze covers a computer program product encoding a computer 
program for executing on a computer system a computer process for associating a 
permission set with a code assembly based on evidence characterized by different 
levels of trust as outlined above in the claim 1 rejection (see Blaze, pages 2 and 3 as 
modified by Gong, Figures 2B and 3). In addition, the computer process further 
comprises: 

a. receiving one or more first conditions, each first condition being 
associated with one or more first elements of evidence, wherein each first 
condition is associated with the permission set (see Blaze, page 2, section 1.1, 
PGP system 1 , 'key rings 7 , Validity score 1 ; page 3, 3 rd paragraph, step 5); 

b. determining whether each first condition is satisfied by an associated first 
element of evidence (see Blaze, page 2, section 1.1, 'PGP system', 'A can sign 
B's key 1 , 'A is an introducer of B to C); 

c. generating an indication for each first condition that is satisfied (see Blaze, 
page 2, section 1.1, 'PGP 1 system', 'judging validity score'); 

d. receiving a second condition associated with the permission set and 
determining whether the second condition is satisfied based on the indications 
(see Blaze, page 2 t section 1.1, PGP system', 'uses key in the certificate if the 
score is high enough'); and 
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f. associating the permission set with the code assembly, if both the first 
condition and the second condition are satisfied (see Blaze, page 3, 3 rd 
paragraph, steps 6 and 7). 
The aforementioned covers claim 17. 

17. As per claim 19, Blaze covers a computer program as outlined above in the claim 
17 rejection under 35 U.S.C. 103(a). In addition, at least one first element of evidence 
includes initially untrusted evidence (see Blaze, page 3, 3 rd paragraph, step 1). 

18. As per claim 20, Blaze covers a computer program as outlined above in the claim 
17 rejection under 35 U.S.C. 103(a). In addition, at least one indication includes initially 
untrusted evidence (see Blaze, page 3, 3 rd paragraph, step 1; page 2, section 1.1, PGP 
system', 'degree of trust', Validity score 1 ). 

19. As per claim 21 , Blaze covers a computer program as outlined above in the claim 
17 rejection under 35 U.S.C. 103(a). In addition, inherent in a computer process that 
generates an indication for each satisfied first condition, is an indication for each first 
condition that is not satisfied. 

20. Claim 18 is rejected under 35 U.S.C. 103(a) as being unpatentable over Blaze in 
view of Gong, and further in view of Itoh et al. U.S. Patent No. 6,052,678 (hereinafter 
Itoh). As per claim 18, Blaze covers a computer program product as outlined above in 
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the claim 17 rejection. Although Blaze does not disclose associating values to the 
conditions, summing the values, then evaluating the sum against a threshold to 
determine satisfiability; this process is a typical functional means to generate a result to 
indicate satisfiability or unsatisfiablity. For example, Itoh teaches such steps in a 
problem solving operation apparatus using state transition (see Itoh, col. 8, 25-35). It 
would be obvious to one of ordinary skill in the art at the time the invention was made to 
apply the teaching of Itoh to the apparatus covered by Blaze. Motivation for such an 
implementation would enable standard functional means to determine satisfiability or 
unsatisfiability of a set of conditions. 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jung W Kim whose telephone number is (703) 305- 
8289. The examiner can normally be reached on M-F 9:00-6:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on (703) 305-1830. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 



Conclusion 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-21 7-91 97 (toll-free), f A, 




Jung W Kim 
Examiner 
Art Unit 2132 



Jk 

June 7, 2004 




GILBERTO BARRON ' 
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 



